Extracted

• • Target

    9c6f806374d594a4a9213a8d1c9415eb_JaffaCakes118

  • Size

    475KB

  • MD5

    9c6f806374d594a4a9213a8d1c9415eb

  • SHA1

    16b56047dc14e07ef61b75adf2f63efade034d6b

  • SHA256

    db0e76eec32745e2c378771f5a3a9c350d9ba3a5337340ae80f1fc534a715c5b

  • SHA512

    d13cb71fa7bdaee133cca43eb66335a4616fec3cfc1534cdd668114d679a61b6bbeb4990bf4ceace45fa5015e0e6892160b147719c63a29675edc5b93f2aeda6

  • SSDEEP

    12288:1QS6a/Gbu4F0I10UoyHKCl9FsR4g4PA3VvxDX5XW5C4:1bGi4P10t1Cz2q2vT4

  Score

  10^/10

  darkcometguest16discoverypersistencerattrojanupx

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Darkcomet family

    darkcomet

  • Executes dropped EXE

  • Loads dropped DLL

  • Uses the VBS compiler for execution

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2